I need to restrict a specific Unix user so that it can log in with only a few select Postgres usernames (with a password prompt), while allowing every other user to use whatever pg username they want.
Assuming restrUnixUser is the Unix user name, restrUser is one of the Postgres users it may use, and AllowedDB is the only database they should connect to:
pg_hba.conf:
local AllowedDB restrUser password
local all restrUser reject
local all all ident map=exceptrestrUser
And pg_ident.conf:
exceptrestrUser /^(?!restrUnixUser).*$ user1
exceptrestrUser /^(?!restrUnixUser).*$ user2
exceptrestrUser /^(?!restrUnixUser).*$ postgres
This does exactly what I want right now; however, I'll probably add a lot more users, so I wonder if there is something like
mapname unixuserpattern allpgusers
that'll match whatever username is used to log in by any Unix user matching the pattern.
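A way to check which connections the rules above admit before reloading the server, as an added example that is not part of the original post: a small Python model of first-match pg_hba.conf evaluation plus the exceptrestrUser map. The function name decide, the Unix users alice and restrUnixUser2, the role newrole and the database otherdb are constructed for illustration, and it assumes Python's re treats this particular pattern the same way PostgreSQL's regex engine does.

```python
import re

# "local" records from the pg_hba.conf in the post, in file order:
# (database, pg_user, method)
HBA = [
    ("AllowedDB", "restrUser", "password"),
    ("all",       "restrUser", "reject"),
    ("all",       "all",       "ident map=exceptrestrUser"),
]

# pg_ident.conf rows for the map exceptrestrUser:
# (system-username regex without the leading "/", pg username)
IDENT = [(r"^(?!restrUnixUser).*$", pg) for pg in ("user1", "user2", "postgres")]


def decide(unix_user, database, pg_user):
    """Model a local connection attempt (hypothetical helper).

    Returns 'password' (a password prompt decides), 'reject',
    'allow' (map matched) or 'deny' (map did not match).
    """
    for db, user, method in HBA:
        if db not in ("all", database) or user not in ("all", pg_user):
            continue
        # The first matching record is used; there is no fall-through.
        if method in ("password", "reject"):
            return method
        mapped = any(re.search(rx, unix_user) and pg == pg_user
                     for rx, pg in IDENT)
        return "allow" if mapped else "deny"
    return "reject"  # no record matched at all


if __name__ == "__main__":
    # Constructed test matrix: (unix user, database, requested pg user)
    cases = [
        ("restrUnixUser",  "AllowedDB", "restrUser"),
        ("restrUnixUser",  "otherdb",   "restrUser"),
        ("restrUnixUser",  "AllowedDB", "user1"),
        ("alice",          "AllowedDB", "user1"),
        ("alice",          "AllowedDB", "newrole"),   # role not listed in the map
        ("restrUnixUser2", "AllowedDB", "user1"),     # name shares the prefix
    ]
    for case in cases:
        print(case, "->", decide(*case))
```

The last two cases show the limits of the current rules: a role that has no row in the map is refused for every Unix user, and the lookahead is not anchored at the end, so any Unix user whose name merely starts with restrUnixUser is excluded as well.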